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Claims: 

1 . A method to allow at least one party to perform at least one 
permitted activity with respect to a device, comprising the steps of: 

embedding a role certificate in said device, wherein the role 
5 certificate identifies said at least one permitted activity and wherein the role 

certificate is generated by a Certification Authority (CA); 

embedding at least information regarding a public key in said device 
, the public key corresponding to the private key used by the CA to sign 
the role certificate; and 
10 running the device so as to verify the role certificate using said 

information regarding the CA public key so that said at least one permitted 
activity can be activated within the device by said at least one party if the 
role certificate is verified. 

15 2. A method as defined in claim 1, wherein the role certificate includes 

information regarding a control security level for said device so that the device 
only allows said at least one permitted activity to be a type of action which is 
within the security level of the device as defined by the role certificate. 

20 3. A method as defined in claim 2, wherein the security level defined 

by the role certificate allows a type of software code to be downloaded, and/or 
installed, and/or run on said device by said at least one party. 

4. A method as defined in claim 3, wherein the type of software code is 
25 from the group of types of software code consisting of test code, production code 

and special code. 

5. A method as defined in claim 4, wherein the special code can be 
code linked to a specific at least one party. 

30 
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6. A method as defined in claim 3, wherein the role certificate 
farther contains information with regard to a specific party of said at least one 
party that can download, and/or install, and/or run said type of software code. 

7. A method as defined in claim 1 , wherein the role certificate 
further contains information with regard to a specific party of said at least one 
party that can activate the at least one permitted activity within the device. 

8. A method as defined in claim 7, wherein said information with 
regard to a specific party is a hash of information identifying said specific party's 
public key, and wherein the device validates said specific party by receiving said 
information identifying said specific party's public key, and hashing this 
information and comparing the hash value to the hash value contained in the role 
certificate so that if the hash values are equal, then the specific party is permitted to 
activate the at least one permitted activity. 

9. A method as defined in claim 7, wherein said specific party is a 
group of entities. 

10. A method as defined in claim 1 , wherein the embedding of the role 
certificate into the device is performed after the information regarding the public 
key of the CA is embedded into the device. 

11. A method as defined in claim 1 , wherein the information regarding 
the CA public key is embedded in the device in a tamper resistant area. 

12. A method as defined in claim 1 1 , wherein the tamper resistant area 
of the device is a portion memory in the device such that any modification of 
information stored therein can be ascertained. 
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13. A method as defined in claim 1, wherein the role certificate contains 
information which causes said device to control the debugging facilities of said 
device with respect to said at least one party. 

14. A method as defined in claim 1, wherein the CA is a root CA. 

15. A method as defined in claim 1, wherein the device is a wireless 

device. 

16. A method as defined in claim 1 , wherein the CA is any entity 
other than said at least one party. 

17. A method as defined in claim 1, wherein the role certificate may 
contain any use limitation with respect to said at least one permitted activity. 

18. A method as defined in claim 17, wherein said any use limitation 
includes a time limitation with respect to activating said at least one permitted 
activity. 

19. A method as defined in claim 1, wherein said information regarding 
the CA public key is a hash value of said CA public key. 

20. A role certificate mechanism to permit at least one activity to be 
activated in a device, comprising: 

memory within the device containing a role certificate, wherein the 
role certificate identifies said at least one activity, and further where the 
memory contains information regarding a first key corresponding to a 
second key used to sign the role certificate; and 

means for running the device so as to verify the role certificate 
using said information regarding the first key so that said at least one 
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permitted activity can be activated within the device. 

21. A role certificate mechanism as defined in claim 20, wherein the 
memory has a tamper resistant area and wherein said information regarding the 
first key is stored in said tamper resistant area. 

22. A role certificate mechanism as defined in claim 20, wherein the 
role certificate further includes information regarding the identity of a third party, 
and wherein the means for verifying the role certificate includes means for reading 
said third party identity; wherein the role certificate mechanism further comprises 
means for receiving information from a third party and comparing at least a portion 
of said received information with the read third party identity from said role 
certificate, and if the comparison is the same, allowing said third party to perform 
said at least one activity on said device. 

23. A role certificate mechanism as defined in claim 22, wherein said 
device is a mobile phone. 

24. A role certificate mechanism as defined in claim 20, wherein said 
device is a mobile phone. 

25. A role certificate mechanism as defined in claim 20, wherein said 
information regarding the first key is a hash of said first key. 

26. An apparatus to allow at least one party to perform at least one 
permitted activity with respect to a device, comprising: 

means for embedding a role certificate in said device, wherein the 
role certificate identifies said at least one permitted activity and wherein the 
role certificate is generated by a Certification Authority (CA); 

means for embedding information regarding a public key in said 
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device , the public key corresponding to the private key used by the CA to 
sign the role certificate; and 

means for running the device so as to verify the role certificate 
using said information regarding the CA public key so that said at least one 
permitted activity can be activated within the device by said at least one 
party. 

27. An apparatus as defined in claim 26, wherein the role certificate 
includes information regarding a control security level for said device so that the 
means for running the device provides that the at least one permitted activity to 
only be a type of action which is within the security level of the device as defined 
by the role certificate. 

28 An apparatus as defined in claim 27, wherein the security level 
defined by the role certificate allows a type of software code to be downloaded to 
said device by said at least one party. 

29. An apparatus as defined in claim 28, wherein the type of software 
code is from the group of types of software code consisting of test code, production 
code and special code. 

30. An apparatus as defined in claim 29, wherein the special code can be 
code linked to a specific at least one party. 

31. An apparatus as defined in claim 29, wherein the role certificate 
further contains information with regard to a specific party of said at least one 
party that can download, and/or install, and/or run said type of software code. 

32. An apparatus as defined in claim 27, wherein the role certificate 
further contains information with regard to a specific party of said at least one 
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party that can activate the at least one permitted activity within the device. 

33. An apparatus as defined in claim 32, wherein said information with 
regard to a specific party is a hash of information identifying said specific party's 
public key, and wherein the device validates said specific party by receiving said 
information identifying said specific party's public key, and hashing this 
information and comparing the hash value to the hash value contained in the role 
certificate so that if the hash values are equal, then the specific party is permitted 
to activate the at least one permitted activity. 

34. An apparatus as defined in claim 32, wherein said specific party is a 
group of entities. 

35. An apparatus as defined in claim 26, wherein the information 
regarding the CA public key is embedded in the device in a tamper resistant area. 

36. An apparatus as defined in claim 26, wherein said information 
regarding the CA public key is a hash of said CA public key. 

37. An apparatus as defined in claim 26, wherein the role certificate 
contains information which causes said device to control the debugging facilities of 
said device with respect to said at least one party. 

38. An apparatus as defined in claim 26, wherein the device is a wireless 

device. 

39. An apparatus as defined in claim 26, wherein the role certificate may 
contain any use limitation with respect to said at least one permitted activity. 

40. An apparatus as defined in claim 39, wherein said any use limitation 
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includes a time limitation with respect to activating said at least one permitted 
activity. 
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